
Re: [Xen-devel] [RFC] xl: support configuration of encrypted VNC



On Thu, 2011-12-15 at 13:29 +0000, Pasi Kärkkäinen wrote:
> On Thu, Dec 15, 2011 at 12:25:36PM +0000, Ian Campbell wrote:
> > Someone pointed out that it's not possible to configure encrypted vnc
> > via xl, while it is possible via xm. This is obviously quite nice to
> > have if you are logging in as root...
> > 
> > The following is my initial attempt but TBH I'm not sure if this is
> > presenting the correct interface at either the libxl or xl level. Since
> > I don't actually use this stuff myself I'm finding it a bit hard to
> > judge how much flexibility is needed or even what the right names/terms
> > for things are. Opinions?
> > 
> > Enabling basic TLS is simple enough but the x509 auth stuff is more
> > complicated and I expect a bit of a docs tarpit (references below).
> > 
> > I didn't do upstream qemu, stub qemu or vfb yet (there's a bunch of
> > yacks in this regard, not least factoring out the duplication). Upstream
> > qemu supports a few more options (e.g. sasl, see qemu(1)). SASL adds
> > more complexity since it can be used with or without the x509 options
> > depending on your needs and the specific SASL config you have in place
> > for qemu which complexifies all the interfaces.
> > 
> > Notes to be turned into docs in the final version:
> > 
> > Clients seem thin on the ground, neither xtightvncviewer nor vnc4viewer
> > support TLS. gvncviewer does seem to support all options.
> > 
> 
> I guess it makes sense to mention 'virt-viewer' in this list as well..

I couldn't figure out how to make it speak direct to a vnc port as
opposed to needing libvirt and all that.

> 
> -- Pasi
> 
> > http://virt-manager.org/page/RemoteTLS has a bit of stuff and some
> > useful links. In particular to http://libvirt.org/remote.html which has
> > a reasonable description of how to generate appropriate certs.  On the
> > server I ended up with:
> > 
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

